On Sun, Dec 28, 2008 at 3:25 PM, Karl Fife <karlf...@gmail.com> wrote: > I just upgraded from 1.2 Embedded to 1.2.1 Embedded: > > Is the following a regression? >
Yep - the SVG graphs used to not require any authentication, they were open to anyone who had access to the port your webUI was running on if you accessed that php page directly. Now that page won't load without authentication. This is how m0n0wall has always done it, but we went through and tightened up some things including this. But the way it was done apparently only worked right with Firefox. Many of our devs including the one who made that change are Mac users, or exclusively use Firefox, which is likely how this wasn't noticed sooner. This has been fixed, I think. Please help test - Go to Diagnostics -> Edit file, open /usr/local/www/graph.php. Replace: if(!$_SERVER['PHP_AUTH_USER']) { Header("Location: /"); exit; } with: require("guiconfig.inc"); save the file, then try again. That works for me in Chrome, and still requires the authentication. On another note, upgrading embedded is of course a known pain point with every embedded version to date, and hasn't been well tested - how did you upgrade, and I presume everything else is working as prior to upgrade? --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org